# Copyright 2022 99cloud
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# flake8: noqa
# fmt: off

from skyline_apiserver.schemas.policy_manager import Operation

from . import base

list_rules = (
    base.Rule(
        name="project-admin",
        check_str=("role:admin and project_id:%(project_id)s"),
        description="Project scoped Administrator",
    ),
    base.Rule(
        name="project-member",
        check_str=("(role:member or role:_member_) and project_id:%(project_id)s"),
        description="Project scoped Member",
    ),
    base.Rule(
        name="project-reader",
        check_str=("role:reader and project_id:%(project_id)s"),
        description="Project scoped Reader",
    ),
    base.Rule(
        name="context_is_admin",
        check_str=("role:admin"),
        description="Privileged users checked via \"context.is_admin\"",
    ),
    base.Rule(
        name="admin_or_owner",
        check_str=("is_admin:True or project_id:%(project_id)s"),
        description="Administrator or Member of the project",
    ),
    base.Rule(
        name="default",
        check_str=("rule:admin_or_owner"),
        description="Default rule for most non-Admin APIs",
    ),
    base.Rule(
        name="admin_api",
        check_str=("is_admin:True"),
        description="Default rule for most Admin APIs.",
    ),
    base.APIRule(
        name="availability_zone:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all storage availability zones.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/os-availability-zone"), Operation(method="GET", path="/availability-zone")],
    ),
    base.APIRule(
        name="scheduler_stats:pools:index",
        check_str=("rule:context_is_admin"),
        description="Get information regarding backends (and storage pools) known to the scheduler.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/scheduler-stats/pools?{query}")],
    ),
    base.APIRule(
        name="scheduler_stats:pools:detail",
        check_str=("rule:context_is_admin"),
        description="Get detailed information regarding backends (and storage pools) known to the scheduler.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/scheduler-stats/pools/detail?{query}")],
    ),
    base.APIRule(
        name="share:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares")],
    ),
    base.APIRule(
        name="share:create_public_share",
        check_str=("rule:context_is_admin"),
        description="Create shares visible across all projects in the cloud.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares")],
    ),
    base.APIRule(
        name="share:get",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get share.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares/{share_id}")],
    ),
    base.APIRule(
        name="share:get_all",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List shares.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares?{query}"), Operation(method="GET", path="/shares/detail?{query}")],
    ),
    base.APIRule(
        name="share:update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update a share.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/shares/{share_id}")],
    ),
    base.APIRule(
        name="share:set_public_share",
        check_str=("rule:context_is_admin"),
        description="Update a share to be visible across all projects in the cloud.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/shares/{share_id}")],
    ),
    base.APIRule(
        name="share:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete share.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/shares/{share_id}")],
    ),
    base.APIRule(
        name="share:soft_delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Soft Delete a share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:restore",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Restore a share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:force_delete",
        check_str=("rule:context_is_admin"),
        description="Force Delete a share.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/shares/{share_id}")],
    ),
    base.APIRule(
        name="share:manage",
        check_str=("rule:context_is_admin"),
        description="Manage share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/manage")],
    ),
    base.APIRule(
        name="share:unmanage",
        check_str=("rule:context_is_admin"),
        description="Unmanage share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/unmanage")],
    ),
    base.APIRule(
        name="share:list_by_host",
        check_str=("rule:context_is_admin"),
        description="List share by host.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares?host={host}"), Operation(method="GET", path="/shares/detail?host={host}")],
    ),
    base.APIRule(
        name="share:list_by_share_server_id",
        check_str=("rule:context_is_admin"),
        description="List share by server id.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares?share_server_id={share_server_id}"), Operation(method="GET", path="/shares/detail?share_server_id={share_server_id}")],
    ),
    base.APIRule(
        name="share:access_get",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get share access rule (deprecated in API version 2.45).",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:access_get_all",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List share access rules (deprecated in API version 2.45).",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:extend",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Extend share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:force_extend",
        check_str=("rule:context_is_admin"),
        description="Force extend share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:shrink",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Shrink share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:migration_start",
        check_str=("rule:context_is_admin"),
        description="Migrate a share to the specified host.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:migration_complete",
        check_str=("rule:context_is_admin"),
        description="Invoke 2nd phase of share migration.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:migration_cancel",
        check_str=("rule:context_is_admin"),
        description="Attempt to cancel share migration.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:migration_get_progress",
        check_str=("rule:context_is_admin"),
        description="Retrieve share migration progress for a given share.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:reset_task_state",
        check_str=("rule:context_is_admin"),
        description="Reset task state.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:revert_to_snapshot",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Revert a share to a snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:allow_access",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Add share access rule.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:deny_access",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Remove share access rule.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/shares/{share_id}/action")],
    ),
    base.APIRule(
        name="share:update_share_metadata",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update share metadata.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/shares/{share_id}/metadata"), Operation(method="POST", path="/shares/{share_id}/metadata/{key}"), Operation(method="POST", path="/shares/{share_id}/metadata")],
    ),
    base.APIRule(
        name="share:delete_share_metadata",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete share metadata.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/shares/{share_id}/metadata/{key}")],
    ),
    base.APIRule(
        name="share:get_share_metadata",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get share metadata.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares/{share_id}/metadata"), Operation(method="GET", path="/shares/{share_id}/metadata/{key}")],
    ),
    base.APIRule(
        name="share:create_snapshot",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshots")],
    ),
    base.APIRule(
        name="share:delete_snapshot",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}")],
    ),
    base.APIRule(
        name="share:snapshot_update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/snapshots/{snapshot_id}/action")],
    ),
    base.APIRule(
        name="share:update_admin_only_metadata",
        check_str=("rule:context_is_admin"),
        description="Update metadata items that are considered \"admin only\" by the service.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/shares/{share_id}/metadata")],
    ),
    base.APIRule(
        name="share_instance_export_location:index",
        check_str=("rule:context_is_admin"),
        description="Return data about the requested export location.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share_instances/{share_instance_id}/export_locations")],
    ),
    base.APIRule(
        name="share_instance_export_location:show",
        check_str=("rule:context_is_admin"),
        description="Return data about the requested export location.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share_instances/{share_instance_id}/export_locations/{export_location_id}")],
    ),
    base.APIRule(
        name="share_type:create",
        check_str=("rule:context_is_admin"),
        description="Create share type.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/types")],
    ),
    base.APIRule(
        name="share_type:update",
        check_str=("rule:context_is_admin"),
        description="Update share type.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/types/{share_type_id}")],
    ),
    base.APIRule(
        name="share_type:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get share type.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/types/{share_type_id}")],
    ),
    base.APIRule(
        name="share_type:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List share types.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/types?is_public=all")],
    ),
    base.APIRule(
        name="share_type:default",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get default share type.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/types/default")],
    ),
    base.APIRule(
        name="share_type:delete",
        check_str=("rule:context_is_admin"),
        description="Delete share type.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/types/{share_type_id}")],
    ),
    base.APIRule(
        name="share_type:list_project_access",
        check_str=("rule:context_is_admin"),
        description="List share type project access.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/types/{share_type_id}")],
    ),
    base.APIRule(
        name="share_type:add_project_access",
        check_str=("rule:context_is_admin"),
        description="Add share type to project.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/types/{share_type_id}/action")],
    ),
    base.APIRule(
        name="share_type:remove_project_access",
        check_str=("rule:context_is_admin"),
        description="Remove share type from project.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/types/{share_type_id}/action")],
    ),
    base.APIRule(
        name="share_types_extra_spec:create",
        check_str=("rule:context_is_admin"),
        description="Create share type extra spec.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/types/{share_type_id}/extra_specs")],
    ),
    base.APIRule(
        name="share_types_extra_spec:show",
        check_str=("rule:context_is_admin"),
        description="Get share type extra specs of a given share type.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/types/{share_type_id}/extra_specs")],
    ),
    base.APIRule(
        name="share_types_extra_spec:index",
        check_str=("rule:context_is_admin"),
        description="Get details of a share type extra spec.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/types/{share_type_id}/extra_specs/{extra_spec_id}")],
    ),
    base.APIRule(
        name="share_types_extra_spec:update",
        check_str=("rule:context_is_admin"),
        description="Update share type extra spec.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/types/{share_type_id}/extra_specs")],
    ),
    base.APIRule(
        name="share_types_extra_spec:delete",
        check_str=("rule:context_is_admin"),
        description="Delete share type extra spec.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/types/{share_type_id}/extra_specs/{key}")],
    ),
    base.APIRule(
        name="share_snapshot:get_snapshot",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshots/{snapshot_id}")],
    ),
    base.APIRule(
        name="share_snapshot:get_all_snapshots",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all share snapshots.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshots?{query}"), Operation(method="GET", path="/snapshots/detail?{query}")],
    ),
    base.APIRule(
        name="share_snapshot:force_delete",
        check_str=("rule:context_is_admin"),
        description="Force Delete a share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}")],
    ),
    base.APIRule(
        name="share_snapshot:manage_snapshot",
        check_str=("rule:context_is_admin"),
        description="Manage share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshots/manage")],
    ),
    base.APIRule(
        name="share_snapshot:unmanage_snapshot",
        check_str=("rule:context_is_admin"),
        description="Unmanage share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")],
    ),
    base.APIRule(
        name="share_snapshot:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")],
    ),
    base.APIRule(
        name="share_snapshot:access_list",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List access rules of a share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/access-list")],
    ),
    base.APIRule(
        name="share_snapshot:allow_access",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Allow access to a share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")],
    ),
    base.APIRule(
        name="share_snapshot:deny_access",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Deny access to a share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshots/{snapshot_id}/action")],
    ),
    base.APIRule(
        name="share_snapshot:update_metadata",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update snapshot metadata.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/snapshots/{snapshot_id}/metadata"), Operation(method="POST", path="/snapshots/{snapshot_id}/metadata/{key}"), Operation(method="POST", path="/snapshots/{snapshot_id}/metadata")],
    ),
    base.APIRule(
        name="share_snapshot:delete_metadata",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete snapshot metadata.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/snapshots/{snapshot_id}/metadata/{key}")],
    ),
    base.APIRule(
        name="share_snapshot:get_metadata",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get snapshot metadata.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/metadata"), Operation(method="GET", path="/snapshots/{snapshot_id}/metadata/{key}")],
    ),
    base.APIRule(
        name="share_snapshot_export_location:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List export locations of a share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/export-locations/")],
    ),
    base.APIRule(
        name="share_snapshot_export_location:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a specified export location of a share snapshot.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshots/{snapshot_id}/export-locations/{export_location_id}")],
    ),
    base.APIRule(
        name="share_snapshot_instance:show",
        check_str=("rule:context_is_admin"),
        description="Get share snapshot instance.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshot-instances/{snapshot_instance_id}")],
    ),
    base.APIRule(
        name="share_snapshot_instance:index",
        check_str=("rule:context_is_admin"),
        description="Get all share snapshot instances.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshot-instances?{query}")],
    ),
    base.APIRule(
        name="share_snapshot_instance:detail",
        check_str=("rule:context_is_admin"),
        description="Get details of share snapshot instances.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshot-instances/detail?{query}")],
    ),
    base.APIRule(
        name="share_snapshot_instance:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset share snapshot instance's status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/snapshot-instances/{snapshot_instance_id}/action")],
    ),
    base.APIRule(
        name="share_snapshot_instance_export_location:index",
        check_str=("rule:context_is_admin"),
        description="List export locations of a share snapshot instance.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshot-instances/{snapshot_instance_id}/export-locations")],
    ),
    base.APIRule(
        name="share_snapshot_instance_export_location:show",
        check_str=("rule:context_is_admin"),
        description="Show details of a specified export location of a share snapshot instance.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}")],
    ),
    base.APIRule(
        name="share_server:index",
        check_str=("rule:context_is_admin"),
        description="Get share servers.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-servers?{query}")],
    ),
    base.APIRule(
        name="share_server:show",
        check_str=("rule:context_is_admin"),
        description="Show share server.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-servers/{server_id}")],
    ),
    base.APIRule(
        name="share_server:details",
        check_str=("rule:context_is_admin"),
        description="Get share server details.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-servers/{server_id}/details")],
    ),
    base.APIRule(
        name="share_server:delete",
        check_str=("rule:context_is_admin"),
        description="Delete share server.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-servers/{server_id}")],
    ),
    base.APIRule(
        name="share_server:manage_share_server",
        check_str=("rule:context_is_admin"),
        description="Manage share server.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/manage")],
    ),
    base.APIRule(
        name="share_server:unmanage_share_server",
        check_str=("rule:context_is_admin"),
        description="Unmanage share server.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset the status of a share server.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:share_server_migration_start",
        check_str=("rule:context_is_admin"),
        description="Migrates a share server to the specified host.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:share_server_migration_check",
        check_str=("rule:context_is_admin"),
        description="Check if can migrates a share server to the specified host.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:share_server_migration_complete",
        check_str=("rule:context_is_admin"),
        description="Invokes the 2nd phase of share server migration.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:share_server_migration_cancel",
        check_str=("rule:context_is_admin"),
        description="Attempts to cancel share server migration.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:share_server_migration_get_progress",
        check_str=("rule:context_is_admin"),
        description="Retrieves the share server migration progress for a given share server.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="share_server:share_server_reset_task_state",
        check_str=("rule:context_is_admin"),
        description="Resets task state.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-servers/{share_server_id}/action")],
    ),
    base.APIRule(
        name="service:index",
        check_str=("rule:context_is_admin"),
        description="Return a list of all running services.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/os-services?{query}"), Operation(method="GET", path="/services?{query}")],
    ),
    base.APIRule(
        name="service:update",
        check_str=("rule:context_is_admin"),
        description="Enable/Disable scheduling for a service.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/os-services/disable"), Operation(method="PUT", path="/os-services/enable"), Operation(method="PUT", path="/services/disable"), Operation(method="PUT", path="/services/enable")],
    ),
    base.APIRule(
        name="quota_set:update",
        check_str=("rule:context_is_admin"),
        description="Update the quotas for a project/user and/or share type.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/quota-sets/{project_id}"), Operation(method="PUT", path="/quota-sets/{project_id}?user_id={user_id}"), Operation(method="PUT", path="/quota-sets/{project_id}?share_type={share_type_id}"), Operation(method="PUT", path="/os-quota-sets/{project_id}"), Operation(method="PUT", path="/os-quota-sets/{project_id}?user_id={user_id}")],
    ),
    base.APIRule(
        name="quota_set:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List the quotas for a project/user.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/quota-sets/{project_id}/defaults"), Operation(method="GET", path="/os-quota-sets/{project_id}/defaults")],
    ),
    base.APIRule(
        name="quota_set:delete",
        check_str=("rule:context_is_admin"),
        description="Delete quota for a project/user or project/share-type. The quota will revert back to default (Admin only).",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/quota-sets/{project_id}"), Operation(method="DELETE", path="/quota-sets/{project_id}?user_id={user_id}"), Operation(method="DELETE", path="/quota-sets/{project_id}?share_type={share_type_id}"), Operation(method="DELETE", path="/os-quota-sets/{project_id}"), Operation(method="DELETE", path="/os-quota-sets/{project_id}?user_id={user_id}")],
    ),
    base.APIRule(
        name="quota_class_set:update",
        check_str=("rule:context_is_admin"),
        description="Update quota class.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/quota-class-sets/{class_name}"), Operation(method="PUT", path="/os-quota-class-sets/{class_name}")],
    ),
    base.APIRule(
        name="quota_class_set:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get quota class.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/quota-class-sets/{class_name}"), Operation(method="GET", path="/os-quota-class-sets/{class_name}")],
    ),
    base.APIRule(
        name="share_group_types_spec:create",
        check_str=("rule:context_is_admin"),
        description="Create share group type specs.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-types/{share_group_type_id}/group-specs")],
    ),
    base.APIRule(
        name="share_group_types_spec:index",
        check_str=("rule:context_is_admin"),
        description="Get share group type specs.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}/group-specs")],
    ),
    base.APIRule(
        name="share_group_types_spec:show",
        check_str=("rule:context_is_admin"),
        description="Get details of a share group type spec.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}/group-specs/{key}")],
    ),
    base.APIRule(
        name="share_group_types_spec:update",
        check_str=("rule:context_is_admin"),
        description="Update a share group type spec.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/share-group-types/{share_group_type_id}/group-specs/{key}")],
    ),
    base.APIRule(
        name="share_group_types_spec:delete",
        check_str=("rule:context_is_admin"),
        description="Delete a share group type spec.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-group-types/{share_group_type_id}/group-specs/{key}")],
    ),
    base.APIRule(
        name="share_group_type:create",
        check_str=("rule:context_is_admin"),
        description="Create a new share group type.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-types")],
    ),
    base.APIRule(
        name="share_group_type:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get the list of share group types.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-types?is_public=all")],
    ),
    base.APIRule(
        name="share_group_type:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details regarding the specified share group type.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}")],
    ),
    base.APIRule(
        name="share_group_type:default",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get the default share group type.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-types/default")],
    ),
    base.APIRule(
        name="share_group_type:delete",
        check_str=("rule:context_is_admin"),
        description="Delete an existing group type.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-group-types/{share_group_type_id}")],
    ),
    base.APIRule(
        name="share_group_type:list_project_access",
        check_str=("rule:context_is_admin"),
        description="Get project access by share group type.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-types/{share_group_type_id}/access")],
    ),
    base.APIRule(
        name="share_group_type:add_project_access",
        check_str=("rule:context_is_admin"),
        description="Allow project to use the share group type.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-types/{share_group_type_id}/action")],
    ),
    base.APIRule(
        name="share_group_type:remove_project_access",
        check_str=("rule:context_is_admin"),
        description="Deny project access to use the share group type.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-types/{share_group_type_id}/action")],
    ),
    base.APIRule(
        name="share_group_snapshot:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create a new share group snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-snapshots")],
    ),
    base.APIRule(
        name="share_group_snapshot:get",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a share group snapshot.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-snapshots/{share_group_snapshot_id}")],
    ),
    base.APIRule(
        name="share_group_snapshot:get_all",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all share group snapshots.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-group-snapshots?{query}"), Operation(method="GET", path="/share-group-snapshots/detail?{query}")],
    ),
    base.APIRule(
        name="share_group_snapshot:update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update a share group snapshot.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/share-group-snapshots/{share_group_snapshot_id}")],
    ),
    base.APIRule(
        name="share_group_snapshot:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete a share group snapshot.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-group-snapshots/{share_group_snapshot_id}")],
    ),
    base.APIRule(
        name="share_group_snapshot:force_delete",
        check_str=("rule:context_is_admin"),
        description="Force delete a share group snapshot.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-snapshots/{share_group_snapshot_id}/action")],
    ),
    base.APIRule(
        name="share_group_snapshot:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset a share group snapshot's status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-group-snapshots/{share_group_snapshot_id}/action")],
    ),
    base.APIRule(
        name="share_group:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create share group.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-groups")],
    ),
    base.APIRule(
        name="share_group:get",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a share group.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-groups/{share_group_id}")],
    ),
    base.APIRule(
        name="share_group:get_all",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all share groups.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-groups?{query}"), Operation(method="GET", path="/share-groups/detail?{query}")],
    ),
    base.APIRule(
        name="share_group:update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update share group.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/share-groups/{share_group_id}")],
    ),
    base.APIRule(
        name="share_group:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete share group.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-groups/{share_group_id}")],
    ),
    base.APIRule(
        name="share_group:force_delete",
        check_str=("rule:context_is_admin"),
        description="Force delete a share group.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-groups/{share_group_id}/action")],
    ),
    base.APIRule(
        name="share_group:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset share group's status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-groups/{share_group_id}/action")],
    ),
    base.APIRule(
        name="share_replica:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create share replica.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-replicas")],
    ),
    base.APIRule(
        name="share_replica:get_all",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all share replicas.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-replicas"), Operation(method="GET", path="/share-replicas/detail"), Operation(method="GET", path="/share-replicas/detail?share_id={share_id}")],
    ),
    base.APIRule(
        name="share_replica:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a share replica.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-replicas/{share_replica_id}")],
    ),
    base.APIRule(
        name="share_replica:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete a share replica.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-replicas/{share_replica_id}")],
    ),
    base.APIRule(
        name="share_replica:force_delete",
        check_str=("rule:context_is_admin"),
        description="Force delete a share replica.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")],
    ),
    base.APIRule(
        name="share_replica:promote",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Promote a non-active share replica to active.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")],
    ),
    base.APIRule(
        name="share_replica:resync",
        check_str=("rule:context_is_admin"),
        description="Resync a share replica that is out of sync.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")],
    ),
    base.APIRule(
        name="share_replica:reset_replica_state",
        check_str=("rule:context_is_admin"),
        description="Reset share replica's replica_state attribute.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")],
    ),
    base.APIRule(
        name="share_replica:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset share replica's status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-replicas/{share_replica_id}/action")],
    ),
    base.APIRule(
        name="share_replica_export_location:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all export locations of a given share replica.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-replicas/{share_replica_id}/export-locations")],
    ),
    base.APIRule(
        name="share_replica_export_location:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details about the requested share replica export location.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-replicas/{share_replica_id}/export-locations/{export_location_id}")],
    ),
    base.APIRule(
        name="share_network:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks")],
    ),
    base.APIRule(
        name="share_network:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a share network.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-networks/{share_network_id}")],
    ),
    base.APIRule(
        name="share_network:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all share networks under a project.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-networks?{query}")],
    ),
    base.APIRule(
        name="share_network:detail",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of share networks under a project.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-networks/detail?{query}")],
    ),
    base.APIRule(
        name="share_network:update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update a share network.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/share-networks/{share_network_id}")],
    ),
    base.APIRule(
        name="share_network:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete a share network.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-networks/{share_network_id}")],
    ),
    base.APIRule(
        name="share_network:add_security_service",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Add security service to share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network:add_security_service_check",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Check the feasibility of add security service to a share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network:remove_security_service",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Remove security service from share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network:update_security_service",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update security service from share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network:update_security_service_check",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Check the feasibility of update a security service from share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset share network`s status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network:get_all_share_networks",
        check_str=("rule:context_is_admin"),
        description="Get share networks belonging to all projects.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-networks?all_tenants=1"), Operation(method="GET", path="/share-networks/detail?all_tenants=1")],
    ),
    base.APIRule(
        name="share_network:subnet_create_check",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Check the feasibility of create a new share network subnet for share network.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/action")],
    ),
    base.APIRule(
        name="share_network_subnet:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create a new share network subnet.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share-networks/{share_network_id}/subnets")],
    ),
    base.APIRule(
        name="share_network_subnet:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete a share network subnet.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-networks/{share_network_id}/subnets/{share_network_subnet_id}")],
    ),
    base.APIRule(
        name="share_network_subnet:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Shows a share network subnet.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-networks/{share_network_id}/subnets/{share_network_subnet_id}")],
    ),
    base.APIRule(
        name="share_network_subnet:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all share network subnets.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-networks/{share_network_id}/subnets")],
    ),
    base.APIRule(
        name="security_service:create",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Create security service.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/security-services")],
    ),
    base.APIRule(
        name="security_service:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a security service.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/security-services/{security_service_id}")],
    ),
    base.APIRule(
        name="security_service:detail",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of all security services.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/security-services/detail?{query}")],
    ),
    base.APIRule(
        name="security_service:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all security services under a project.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/security-services?{query}")],
    ),
    base.APIRule(
        name="security_service:update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Update a security service.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/security-services/{security_service_id}")],
    ),
    base.APIRule(
        name="security_service:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete a security service.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/security-services/{security_service_id}")],
    ),
    base.APIRule(
        name="security_service:get_all_security_services",
        check_str=("rule:context_is_admin"),
        description="Get security services of all projects.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/security-services?all_tenants=1"), Operation(method="GET", path="/security-services/detail?all_tenants=1")],
    ),
    base.APIRule(
        name="share_export_location:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all export locations of a given share.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares/{share_id}/export_locations")],
    ),
    base.APIRule(
        name="share_export_location:show",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details about the requested export location.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/shares/{share_id}/export_locations/{export_location_id}")],
    ),
    base.APIRule(
        name="share_instance:index",
        check_str=("rule:context_is_admin"),
        description="Get all share instances.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share_instances"), Operation(method="GET", path="/share_instances?{query}")],
    ),
    base.APIRule(
        name="share_instance:show",
        check_str=("rule:context_is_admin"),
        description="Get details of a share instance.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share_instances/{share_instance_id}")],
    ),
    base.APIRule(
        name="share_instance:force_delete",
        check_str=("rule:context_is_admin"),
        description="Force delete a share instance.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share_instances/{share_instance_id}/action")],
    ),
    base.APIRule(
        name="share_instance:reset_status",
        check_str=("rule:context_is_admin"),
        description="Reset share instance's status.",
        scope_types=["project"],
        operations=[Operation(method="POST", path="/share_instances/{share_instance_id}/action")],
    ),
    base.APIRule(
        name="message:get",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a given message.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/messages/{message_id}")],
    ),
    base.APIRule(
        name="message:get_all",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get all messages.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/messages"), Operation(method="GET", path="/messages?{query}")],
    ),
    base.APIRule(
        name="message:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete a message.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/messages/{message_id}")],
    ),
    base.APIRule(
        name="share_access_rule:get",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="Get details of a share access rule.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-access-rules/{share_access_id}")],
    ),
    base.APIRule(
        name="share_access_rule:index",
        check_str=("(rule:context_is_admin) or (rule:project-reader)"),
        description="List access rules of a given share.",
        scope_types=["project"],
        operations=[Operation(method="GET", path="/share-access-rules?share_id={share_id}&key1=value1&key2=value2")],
    ),
    base.APIRule(
        name="share_access_metadata:update",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Set metadata for a share access rule.",
        scope_types=["project"],
        operations=[Operation(method="PUT", path="/share-access-rules/{share_access_id}/metadata")],
    ),
    base.APIRule(
        name="share_access_metadata:delete",
        check_str=("(rule:context_is_admin) or (rule:project-member)"),
        description="Delete metadata for a share access rule.",
        scope_types=["project"],
        operations=[Operation(method="DELETE", path="/share-access-rules/{share_access_id}/metadata/{key}")],
    ),
)

# NOTE(review): two authorization points about the list_rules tuple that closes above.
# 1. Several entries list the same (method, path) under different check_str values.
#    POST /share-replicas/{share_replica_id}/action appears under share_replica:promote
#    (admin or project-member) and under share_replica:resync (admin only); the
#    /share-networks/{share_network_id}/action entries follow the same pattern.
#    Method and path alone therefore cannot select a rule. Presumably the action is
#    named in the request body; verify how consumers of `operations` resolve this.
# 2. "context_is_admin" is declared at the top of the tuple as plain "role:admin", with
#    no project_id term, so every admin-only entry passes for an admin role held in any
#    project even though scope_types is ["project"]. Confirm that is the intended
#    privilege boundary.
#
# Only the rule tuple is exported; `base` and `Operation`, imported at the top of the
# file, are left out of `from <module> import *`.
__all__ = ("list_rules",)
